Come hang out with us and be part of our awesome community on Discord! Whether you're here to chat, get support, or just have fun, everyone is welcome.
See you there! 💬✨
A Cloudflare Workers-based proxy that provides threat intelligence and protection for your web applications.
- Threat Intelligence: Real-time threat detection using Arxignis API
- Traffic Monitoring: Monitor and analyze incoming traffic
- Blocking Mode: Automatically block malicious traffic
- Turnstile Integration: Cloudflare Turnstile for bot protection
- OpenTelemetry Integration: Comprehensive observability with Prometheus/Axiom support
- Durable Objects: Efficient buffering for logs and metrics
- KV Storage: Caching for improved performance
- Easy Deployment: Simple installation script for Cloudflare Workers
- Node.js: Version 22 or higher
- pnpm: For package management (recommended)
- npx: For Wrangler commands
- jq: For JSON parsing (automatically installed if missing)
- Bash: For running the installation script
- Cloudflare Account: Active Cloudflare account
- API Token: Cloudflare API token with the following permissions:
- Account Settings (Read)
- Challenge Widgets (Edit)
- User Details (Read)
- Workers KV Storage (Edit)
- Workers Routes (Edit)
- Workers Scripts (Edit)
- Zone (Read)
- DNS (Read)
- Arxignis API Key: Get your API key from arxignis.com
- Domain: A domain you control and can configure DNS for
- Axiom (Optional): For Prometheus metrics collection via OpenTelemetry
- Clone or download the proxy files to your local machine
git clone https://github.com/arxignis/cf-integration
- Navigate to the proxy directory:
cd cf-integration - Run the installation script:
./install.sh
- Follow the prompts to configure your settings
- Deploy to Cloudflare Workers:
pnpm install npx wrangler deploy
If you prefer to configure manually:
-
Install dependencies:
pnpm install
-
Configure
wrangler.jsonc:- Set your Cloudflare Account ID
- Configure your domain routes
- Add your API keys and settings
- Configure KV namespaces and Durable Objects
-
Deploy:
npx wrangler deploy
The following environment variables can be configured in wrangler.jsonc:
| Variable | Description | Required |
|---|---|---|
MODE |
Operation mode: monitor or block |
Yes |
ARXIGNIS_API_KEY |
Your Arxignis API key | Yes |
TURNSTILE_SITE_KEY |
Cloudflare Turnstile site key | Yes |
TURNSTILE_SECRET_KEY |
Cloudflare Turnstile secret key | Yes |
PERFORMANCE_METRICS |
Enable metrics: true or false |
No |
PROMETHEUS_URL |
Axiom traces endpoint for metrics | No |
PROMETHEUS_HEADERS |
Authorization headers for metrics | No |
BUFFER_FLUSH_INTERVAL |
Buffer flush interval in milliseconds | No |
BUFFER_MAX_RETRIES |
Maximum retry attempts for buffer operations | No |
- Monitor Mode: Only monitors traffic without blocking
- Block Mode: Monitors and blocks malicious traffic
The proxy includes comprehensive observability features:
- OpenTelemetry Integration: Automatic tracing and metrics collection
- Durable Objects: Efficient buffering for logs and metrics
- KV Storage: Caching for improved performance
- Prometheus Export: Metrics export to Axiom or other Prometheus-compatible systems
The installation script can automatically create Turnstile widgets, or you can use existing ones:
- Automatic: Answer "no" when asked about existing Turnstile keys
- Manual: Provide your existing site key and secret key
For local development:
pnpm dev # Development with live reload
pnpm start # Basic development server
pnpm test # Run tests
pnpm cf-typegen # Generate Cloudflare typesAfter deployment, configure your domain's DNS:
- Add a CNAME record pointing to your Cloudflare Workers domain
- Or use Cloudflare's proxy for additional benefits
- Logs: View logs in Cloudflare Workers dashboard
- Metrics: If enabled, view metrics in your Axiom dashboard
- Tracing: OpenTelemetry traces for request flow analysis
- Analytics: Monitor traffic patterns and threats
- Remediation Engine: Threat assessment and decision making
- Captcha Handler: Turnstile integration for bot protection
- Log Buffer: Efficient logging with Durable Objects
- Metrics Buffer: Performance metrics collection
- Cache System: KV-based caching for improved performance
- Request Reception: Incoming requests are analyzed
- Threat Assessment: Arxignis API evaluates the request
- Decision Making: Choose between allow, block, or captcha
- Response Generation: Generate appropriate response
- Metrics Collection: Collect performance and security metrics
-
Installation fails:
- Ensure Node.js version 16+ is installed
- Check that you have proper Cloudflare API token permissions
- Verify your Arxignis API key is valid
-
Turnstile widget creation fails:
- Verify your Cloudflare API token has "Challenge Widgets (Edit)" permission
- Check that your domain is properly configured in Cloudflare
-
Deployment fails:
- Ensure you're logged in to Wrangler:
npx wrangler login - Check your
wrangler.jsoncconfiguration - Verify your Cloudflare Account ID is correct
- Use
npx wrangler deploy -e productionfor production deployment
- Ensure you're logged in to Wrangler:
-
Metrics not working:
- Verify
PERFORMANCE_METRICSis set totrue - Check
PROMETHEUS_URLand headers configuration - Ensure Axiom dataset is properly configured
- Verify
- Documentation: Visit docs.arxignis.com
- Support: Contact support through the Arxignis platform
- Issues: Report bugs or issues through the Arxignis support channels
- API Keys: Never commit API keys to version control
- Environment Variables: Use Cloudflare Workers secrets for sensitive data
- Access Control: Regularly review and rotate API tokens
- Monitoring: Enable logging and monitoring for security events
- Buffer Security: Durable Objects provide isolated execution context
This project is licensed under the terms specified in the LICENSE file.
Contributions are welcome! Please read the contributing guidelines before submitting pull requests.
For more information, visit arxignis.com